(MEREDITH) -- If you stayed at a hotel during the last few months of 2016, it might be smart to check your credit card transactions. A massive credit card data breach at 1,175 hotels has exposed the payment information of potentially thousands of customers of hotels like Holiday Inn, Holiday Inn Express, and Crowne Plaza.

Parent company InterContinental Hotels Group (IHG) launched an internal investigation into the data breach earlier this year and found that malware had accessed payment data of cards used at the front desks of certain hotels between Sept. 29, 2016, and Dec. 29, 2016. IHG has over 5,000 hotels, including Staybridge Suites, Candlewood Suites, Hotel Indigo and Holiday Inn Resort.

What data is at risk?

Basically, the malware mined the track data, information read from that magnetic strip on the back of your credit card. That includes:

Card number

Expiration date

Internal verification code (3-digit code on the back of your card)

IHG’s investigation didn’t find any evidence of data breaches after Dec. 29, 2016, but they didn’t get confirmation that the malware had been removed until February and March. The timespan of the breach could still widen as the investigation continues.

What should you do?

Check your credit card statements for any suspicious activity, something you should do regularly anyway, just in case. If you see something you didn’t authorize, call your credit card company on that phone number on the back of your card. Usually, if you catch it within a few months you won’t be responsible for the charge.

If you have questions for IHG, you can give them a call at 855-330-6367.

Which hotels were affected?

The investigation is still going, so this list could grow, but IHG has provided a not-so-user-friendly tool for you to use to determine which hotels have been affected. Here’s a list of how many hotels by state have been listed in the data breach: